The BDO GovCon Week Ahead - June 2021

June 2021

GC-Practice_web-header_7-19-A.jpg


June 14, 2021

The Best Defense Is a Good Offense: On May 27, 2021, the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) quietly released a directive geared toward preventing the next pipeline system attack. Secretary of Homeland Security Alejandro N. Mayorkas stated, “The recent ransomware attack on a major petroleum pipeline demonstrates that the cybersecurity of pipeline systems is critical to our homeland security.”
 
The directive requires that critical pipeline owners and operators examine their existing cyber-related practices to identify any gaps, develop corrective actions, and report the results to TSA and the DHS Cybersecurity and Infrastructure Security Agency (CISA) within 30 days. It also requires that they designate a Cybersecurity Coordinator, who will be available 24/7, and that they will report suspected or confirmed cybersecurity incidents to CISA.
 
TSA is considering additional follow-on requirements, which is likely not a surprise to anyone who has been following the pipeline story. The DHS directive and any subsequent follow-ons are consistent with the Government-wide trend, where Government officials are recognizing that it’s not enough to respond to a cyber-attack after the fact. RaOfficials are calling on Federal agencies and their industry partners to proactively poke holes in their own systems and assess /address gaps before the next attack happens and critical services are brought to a screeching halt, or sensitive information is compromised.

For more information, please click this link.

U.S. Calls for Proposals to Combat Media Repression: As issues related to media censorship and the spread of misinformation continues to rise across the globe, The Defense Advanced Research Projects Agency (DARPA) is looking for new concepts that can help understand how authoritarian regimes control information.  DARPA, under a program called Measuring the Information Control Environment (MICE) wants to develop artificial intelligence technology to “measure how digitally authoritarian regimes repress their populations at scale over the internet via censorship, blocking, or throttling,” according to a June 1, 2021 pre-solicitation notice posted on SAM.gov.
 
As technology evolves and more censorship tools are being used to suppress information, DARPA wants to track these events in real-time and develop certain countermeasures in cyberspace. “MICE-developed technology will continuously and automatically update and feed into easily-understood dashboards in order to develop comprehensive, real-time ground truth understanding of how countries conduct domestic information control.” The document outlining the program listed six topics the proposals must address in order to bolster efforts to combat the repression. These topics include the targeted information environment, scope and granularity of measurement, where and how information will be collected, tracking plan, presentation for end-users, and other uses for the technology developed under MICE.
 
Proposals for MICE are due June 30, 2021, and awards will be made under other transaction authority (OTA) with a total combined award value for both project phases of up to $1 million.

For more information, please click this link and this link.

No Summer Slump for Congress: Congress is not taking any time off as summer approaches, with numerous bills, ranging from new cybersecurity measures to moving agency operations outside of the Washington, D.C. area, making their rounds through Congress. If these bills make their way to President Biden’s desk and gain approval, they will present wide-ranging impacts to multiple Federal agencies.
 
Following numerous high-profile cyberattacks including that of the Colonial Pipeline and meat supplier JBS USA, one bill aims to require government contractors to develop and maintain vulnerability disclosure policies (VDP). In 2020, the Department of Homeland Security pushed Federal agencies to develop VDPs which would allow ethical hackers to detect security risks and report them to the organization so they could rectify those gaps before a malicious entity could exploit them. The colloquially named Contractor Cybersecurity Act would now require contractors to do the same, to prevent increasingly complex and disruptive cyberattacks.
 
Another bill on the docket includes a bill to relocate certain Federal agencies outside of the Washington D.C. area, to bring the Government and associated economic benefits to more Americans. The commission, helmed by various members of the House, Senate, and GSA administrator would be tasked with preparing relocation plans and an economic and workforce development study focusing on low-income communities or other areas that are best suited for various agencies.
 
Additional bills include ones to allow states and local entities to apply for annual cybersecurity improvement grants, a bill that requires all Federal agencies’ budget justifications and appropriation requests be made available to the public, and a bill to increase funding and Federal support for the National Science Foundation (NSF).
 
As these various bills make their way through Congress, massive changes may be on the horizon to multiple Federal agencies.  It will be interesting to see what, if any, of these bills will make it to the finish line and how their impact may be felt.

For more information, please click this link.



June 8, 2021

It’s Here: CIO-SP4 Solicitation Issued Before Memorial Day Weekend: On May 25, 2021, the National Institutes of Health Information Technology Acquisition and Assessment Center (NITAAC) issued the long-awaited Chief Information Officer-Solutions and Partners 4 (CIO-SP4) solicitation. The 10-year, $50 billion follow-on Government-wide acquisition contract (GWAC) will contain a five year base period with five option years, intended to meet the IT needs across 10 task areas: IT services for biomedical research, health care and health sciences, CIO support, digital media, outsourcing, IT operations and maintenance, integration services, cybersecurity, digital Government and cloud services, enterprise resource planning, and software planning.
 
Now, you may be asking yourself: how will NITAAC weigh Federal Business System compliance into their evaluation of an offerors proposal? Largely, the requirements for the Accounting, Earned Value Management (EVM), Estimating, and Purchasing Systems are the same as described in the draft solicitation. It is important to note that there is no mention of needing a Cognizant Federal Agency (CFA)-approved EVM system in the solicitation. The solicitation reads, “If the offeror has an EVMS or cost / schedule control system that is compliant with [the American National Standards Institute/Electronic Industries Alliance standard 748] EIA-748, they shall award themselves 300 points. Only one member of an offerors [Contract Team Arrangement] CTA / [Joint Venture] JV or an affiliate need an EVMS, provided the offeror identify which member or affiliate has this, and how that member / affiliate would use the EVMS in the normal course of business for the offeror.” Offerors should plan to include documentation demonstrating compliance in the appropriate section of their proposals, but offerors without a CFA-approved EVMS should not panic.
 
Questions on the solicitation were due back on June 1, 2021, but offerors have until June 28, 2021 to submit their proposals. BDO’s Government Contracts professionals are available should potential offerors have any questions on the solicitation or on the scoring of Federal Business System compliance.

For more information, please click this link and this link.

Same Budget, Big Changes: Right before Memorial Day, the White House released the full Government fiscal year 2022 (FY22) budget request and, at first glance, it appears to be business as usual for the amount requested for the Department of Defense (DoD). However, the largely flat budget has some interesting changes included.
 
The budget request totals $715 billion for the DoD, or $753 billion when including total defense spending—which includes the Energy Department and other Federal agencies—represents a modest $12 billion increase over the FY21 budget. Business as usual, right?  Wrong! The big story here is how these funds are being used.
 
Sources at the Pentagon noted that although the budget is largely flat, the DoD is using this opportunity to reallocate resources, accelerate modernization and strategic competition initiatives, and fund other projects with the extra funds from the withdrawal in Afghanistan. Here are some of the key budgetary changes:

  1. Removal of the Overseas Contingency Operations (OCO) account, which was set up as an emergency wartime fund, but has been used to pad defense spending and avoid budget caps
  2. The Army will see a small decrease in funding due to the drawdown in Afghanistan while the other branches are set to receive a modest increase
  3. In an effort to reallocate funds, plans are in place to retire certain legacy equipment including older combat ships, cruisers, and landing ships from the Navy, older A-10, F-15, F-16 and other aircraft from the Air Force, and outdated night vision and IT systems from the Army
  4. Increased funding will be available for artificial intelligence, space systems, research and development (R&D), and other emerging technologies
  5. A pay increase of 2.7% for both military and civilian personnel is planned

The budget faces opposition from both sides of the aisle, with lawmakers concerned it does not do enough to address evolving and emerging threats and is not enough to cover the necessary resources, equipment, and training our civilian and military personnel need. Further complicating matters, others are concerned the budget includes too much wasteful spending. Now that the budget has been officially released, it will be interesting to see what changes and concessions are made as it makes its way through the approval channels.

For more information, please click on this link.

Critical Infrastructure Providers Need a Major Cybersecurity OverhaulFollowing the latest ransomware attack of the Colonial Pipeline, White House advisors are looking for ways to implement security workforce requirements for the nation’s critical infrastructure providers. Ransomware attacks have become increasingly present in the public and private sector, and as we see more and more business leaders shell out cash, we may see more of these events in the future. To combat future attacks and prevent nationwide infrastructure failures, the National Security Council (NSC) has tasked private sector advisors to investigate these critical providers’ cybersecurity systems.
 
The NSC has asked the private sector led National Infrastructure Advisory Council (NIAC) to perform a study and present its findings of ways to best incentivize critical providers to improve their cybersecurity workforce. One significant tool being considered is the implementation of specific cybersecurity standards within the Federal procurement requirements, which could lead to contractors being denied Federal contracts, if they cannot meet the standards. “We also think Federal procurement requirements are a really valuable tool,” said Jan Allman, Chief Executive Officer of Fincantieri Marinette Marine Corporation and a member of the NIAC. “So any private company bidding on Federally funded projects has to meet certain requirements, whether that's for meeting job quality training, standards or encouraging local hiring, or partnering with service providers to ensure that workers have access to the training they need to advance their careers.”
 
The NIAC presented an interim report on Thursday, May 20, 2021, which describes the three most pressing challenges that the critical infrastructure workforce faces to be lack of coordination, lack of diversity, and a disconnect with the traditional education system. The NIAC has stated that the final report is on track to be delivered in July 2021, which could help shape “one of the most important policy proposals for infrastructure in decades,” said NIAC Vice Chair Beverly Scott. Federal contractors should evaluate their current cybersecurity infrastructure and continue to monitor the NIAC’s final report, as changes to Federal procurement requirements will likely be arriving soon.

For more information, please click this link and this link.